Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/u2frg3KoQD50q-PpQ7hg2ohK62s.roa
File:                     u2frg3KoQD50q-PpQ7hg2ohK62s.roa (raw, json)
Hash identifier:          8D2/FSdhtguPDlwdWy9ZtE8qwsUTtlcLK88QqalH+/I=
Subject key identifier:   BB:67:EB:83:72:A8:40:3E:74:AB:E3:E9:43:B8:60:DA:88:4A:EB:6B
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018958E81BF739D8B77AEAF46DB66C5E35F2
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/u2frg3KoQD50q-PpQ7hg2ohK62s.roa
Signing time:             Sat 15 Jul 2023 09:35:53 +0000
ROA not before:           Sat 15 Jul 2023 09:35:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        188.241.243.0/24 maxlen: 24
                          185.255.39.0/24 maxlen: 24
                          188.214.209.0/24 maxlen: 24
                          185.241.210.0/23 maxlen: 24
                          188.241.214.0/24 maxlen: 24
                          93.115.254.0/23 maxlen: 24
                          188.213.203.0/24 maxlen: 24
                          188.213.202.0/24 maxlen: 24
                          193.23.129.0/24 maxlen: 24
                          193.23.128.0/24 maxlen: 24
                          213.232.93.0/24 maxlen: 24
                          213.232.92.0/24 maxlen: 24
                          213.232.94.0/23 maxlen: 24
                          45.156.159.0/24 maxlen: 24
                          45.156.157.0/24 maxlen: 24
                          89.33.85.0/24 maxlen: 24
                          89.33.84.0/24 maxlen: 24
                          185.255.169.0/24 maxlen: 24
                          185.255.170.0/23 maxlen: 24
                          185.255.170.0/24 maxlen: 24
                          89.35.154.0/24 maxlen: 24
                          89.35.155.0/24 maxlen: 24
                          188.212.132.0/24 maxlen: 24
                          188.212.133.0/24 maxlen: 24
                          188.212.155.0/24 maxlen: 24
                          188.212.158.0/24 maxlen: 24
                          87.247.148.0/24 maxlen: 24
                          87.247.150.0/24 maxlen: 24
                          87.247.149.0/24 maxlen: 24
                          87.247.151.0/24 maxlen: 24
                          188.240.224.0/24 maxlen: 24
                          188.240.225.0/24 maxlen: 24
                          188.240.230.0/24 maxlen: 24
                          188.240.227.0/24 maxlen: 24
                          188.240.233.0/24 maxlen: 24
                          91.188.205.0/24 maxlen: 24
                          91.188.204.0/24 maxlen: 24
                          91.188.206.0/24 maxlen: 24
                          91.188.207.0/24 maxlen: 24
                          89.37.63.0/24 maxlen: 24
                          185.135.140.0/24 maxlen: 24
                          185.135.143.0/24 maxlen: 24
                          185.103.72.0/24 maxlen: 24
                          185.238.10.0/24 maxlen: 24
                          188.241.110.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:58:e8:1b:f7:39:d8:b7:7a:ea:f4:6d:b6:6c:5e:35:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jul 15 09:35:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bb67eb8372a8403e74abe3e943b860da884aeb6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c5:0f:e7:7a:9e:59:9a:0e:22:b7:0c:ea:1b:
                    35:bc:c4:09:bc:a1:f3:9e:59:d7:31:10:61:24:93:
                    e2:03:e5:8b:4c:e4:d6:04:d5:27:7d:a4:6e:89:43:
                    55:33:2c:58:48:cc:e6:1d:3d:a3:4c:d3:cb:8e:b1:
                    05:9c:f0:24:6b:65:38:bb:3f:93:81:cb:73:80:85:
                    5c:e8:93:15:b6:8e:4c:ff:b6:50:f6:26:cc:40:11:
                    f9:fa:27:6d:67:b3:14:0c:27:82:04:29:6a:ff:08:
                    9d:44:21:61:43:a6:32:04:e2:34:2c:f9:64:ec:8f:
                    59:08:34:5f:14:2b:81:2b:c8:17:a9:f6:62:21:66:
                    0e:f8:96:37:3d:47:66:20:90:d8:dc:a6:58:00:b7:
                    30:ca:66:e9:3a:ee:1d:62:d5:7a:38:0e:69:d9:e2:
                    75:1f:9b:56:29:bf:9c:c4:e7:1f:12:17:57:48:8d:
                    c3:41:db:61:91:f9:18:e0:23:1a:01:7c:27:36:63:
                    38:d9:1e:6f:a8:9b:1a:a6:76:0b:e7:7f:1c:8b:76:
                    ef:e8:d7:18:42:9b:36:ea:9c:a8:d0:f2:8e:a0:4d:
                    9a:41:ff:92:58:f6:a2:25:45:2c:8d:74:e6:13:81:
                    5c:20:bb:ce:ff:4d:01:22:e7:56:59:e2:17:00:84:
                    1a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:67:EB:83:72:A8:40:3E:74:AB:E3:E9:43:B8:60:DA:88:4A:EB:6B
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/u2frg3KoQD50q-PpQ7hg2ohK62s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.157.0/24
                  45.156.159.0/24
                  87.247.148.0/22
                  89.33.84.0/23
                  89.35.154.0/23
                  89.37.63.0/24
                  91.188.204.0/22
                  93.115.254.0/23
                  185.103.72.0/24
                  185.135.140.0/24
                  185.135.143.0/24
                  185.238.10.0/24
                  185.241.210.0/23
                  185.255.39.0/24
                  185.255.169.0-185.255.171.255
                  188.212.132.0/23
                  188.212.155.0/24
                  188.212.158.0/24
                  188.213.202.0/23
                  188.214.209.0/24
                  188.240.224.0/23
                  188.240.227.0/24
                  188.240.230.0/24
                  188.240.233.0/24
                  188.241.110.0/24
                  188.241.214.0/24
                  188.241.243.0/24
                  193.23.128.0/23
                  213.232.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:6b:09:b5:8f:ca:66:27:e0:41:c2:e4:91:2c:d8:40:25:56:
         52:40:7a:5e:56:0c:ff:0f:2f:f5:67:7e:18:a8:72:be:b7:8e:
         5e:e3:9c:ba:b8:06:be:f1:5f:e1:bf:9f:a3:27:20:8e:ca:f0:
         71:85:54:82:fd:3a:67:43:d1:a9:b0:3d:36:c2:93:d3:3a:e2:
         07:ff:bc:59:f8:d1:44:1e:b6:85:a9:69:21:a9:b5:45:fd:34:
         ca:44:06:04:1d:ea:55:82:0d:d7:07:06:87:a8:4d:12:43:b4:
         69:38:d1:68:d3:51:3e:50:53:b5:32:89:dd:0d:1c:d1:7f:2f:
         23:07:37:8f:32:b0:19:bb:dc:1b:ae:ce:ef:55:a5:9f:66:7a:
         28:8c:a0:6e:0f:0a:46:55:cd:fe:30:86:86:1f:1e:c4:b5:32:
         e7:8d:5b:d7:9c:65:7e:78:99:fc:59:2a:d2:4e:fe:ab:1c:16:
         a0:94:b9:c7:32:87:4b:73:50:14:17:52:0c:22:de:8f:f6:1e:
         ee:2b:b7:65:a6:c6:07:41:61:8e:6e:77:c8:f0:84:93:aa:f5:
         97:ee:df:47:dd:dc:55:63:55:61:93:9f:23:e8:7f:05:fa:34:
         da:f6:8c:70:e3:97:4d:79:09:17:7f:8b:dd:8b:f5:87:cb:91:
         55:9a:2c:d8
-----BEGIN CERTIFICATE-----
MIIFsjCCBJqgAwIBAgISAYlY6Bv3Odi3eur0bbZsXjXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNzE1MDkzNTUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjY3ZWI4MzcyYTg0MDNlNzRhYmUzZTk0M2I4NjBkYTg4NGFlYjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8UP53qeWZoOIrcM6hs1vMQJvKHz
nlnXMRBhJJPiA+WLTOTWBNUnfaRuiUNVMyxYSMzmHT2jTNPLjrEFnPAka2U4uz+T
gctzgIVc6JMVto5M/7ZQ9ibMQBH5+idtZ7MUDCeCBClq/widRCFhQ6YyBOI0LPlk
7I9ZCDRfFCuBK8gXqfZiIWYO+JY3PUdmIJDY3KZYALcwymbpOu4dYtV6OA5p2eJ1
H5tWKb+cxOcfEhdXSI3DQdthkfkY4CMaAXwnNmM42R5vqJsapnYL538ci3bv6NcY
Qps26pyo0PKOoE2aQf+SWPaiJUUsjXTmE4FcILvO/00BIudWWeIXAIQa3QIDAQAB
o4ICvjCCArowHQYDVR0OBBYEFLtn64NyqEA+dKvj6UO4YNqISutrMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdTJmcmczS29RRDUwcS1QcFE3aGcyb2hLNjJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHTBggrBgEFBQcBBwEB/wSBwzCBwDCBvQQCAAEwgbYDBAAt
nJ0DBAAtnJ8DBAJX95QDBAFZIVQDBAFZI5oDBABZJT8DBAJbvMwDBAFdc/4DBAC5
Z0gDBAC5h4wDBAC5h48DBAC57goDBAG58dIDBAC5/ycwDAMEALn/qQMEArn/qAME
AbzUhAMEALzUmwMEALzUngMEAbzVygMEALzW0QMEAbzw4AMEALzw4wMEALzw5gME
ALzw6QMEALzxbgMEALzx1gMEALzx8wMEAcEXgAMEAtXoXDANBgkqhkiG9w0BAQsF
AAOCAQEAkGsJtY/KZifgQcLkkSzYQCVWUkB6XlYM/w8v9Wd+GKhyvreOXuOcurgG
vvFf4b+foycgjsrwcYVUgv06Z0PRqbA9NsKT0zriB/+8WfjRRB62halpIam1Rf00
ykQGBB3qVYIN1wcGh6hNEkO0aTjRaNNRPlBTtTKJ3Q0c0X8vIwc3jzKwGbvcG67O
71Wln2Z6KIygbg8KRlXN/jCGhh8exLUy541b15xlfniZ/Fkq0k7+qxwWoJS5xzKH
S3NQFBdSDCLej/Ye7iu3ZabGB0Fhjm53yPCEk6r1l+7fR93cVWNVYZOfI+h/Bfo0
2vaMcOOXTXkJF3+L3Yv1h8uRVZos2A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:14 2024 by rpki-client on console-ams.rpki-client.org